WordPress security doesn't stop with just using a strong password, keeping your site up to date, and using a good hosting provider. Your blog comments are part of WordPress security too.
Unwanted comments have the potential of making you lose readers, ruin your site's reputation, get your blog attacked by a malicious hacker, or harm your site visitors computers (a rogue link can inject computer viruses).
Here's 3 mistakes I see blog owners make with comments:
1) Approve spam comments
It's amazing how many blogs out there have approved spam comments. I'm not sure if it's just pure laziness, comments are un-moderated, they have no clue what comment spam looks like, they like promoting Ugg Boots, or they just don't care.
If you're going to have a blog you need to pay attention to what you're feeding your readers and search engines! Check for links in comments/replies, look at the Author Name, checkout the comment author's website, check the IP address, look for bogus email addresses, and READ what the comment says. I can't tell you how many times I've clicked on the author's URL and it was blocked by Google for malware or my Kaspersky stopped me from opening the page.
2. Approve non-relevant comments by backlink seekers
I remember when I first starting blogging and got my first comment, “Nice blog. Thanks. I'm going to bookmark it.” I thought, Woohoo, someone likes my blog and approved it. But I failed to think, is this comment relevant or someone that's just trying to get a backlink to their own site. Sometimes these may just be trackback comments in the hopes that I allow trackbacks. (I've even seen trackback comments linked to a porn site.) And sometimes they try to make the comment “look” relevant, but upon further examination you can just tell they're not sincere.
Here's a couple screen shots I just took today off a site today:
Be sure to moderate your comments for backlink seekers and don't give your readers an option to “click” on a link to a rogue or unwanted site. You never know when one of those links could contain a virus or your reader vows never to visit your site again.
3. Lack of comment security settings
When was the last time you checked your “Discussion Settings” inside your WordPress dashboard? At the very least you should enable “Comment author must have a previously approved comment.” I always change the default of “2” to “1” for “Hold a comment in the queue if it contains…”
Please be sure to go through your comment settings and protect your site and your readers.
WordPress Security Tip:
Use the WordFence plugin to scan your comments for suspicious URLs.
Leave Your Feedback
If you're approving spam comments please tell me why? Do you moderate your comment spam? How does it feel when you see comment spam on someone's site? Please leave your comment below.